In accordance with the provisions of the General Data Protection Regulation GDPR (EU) 679/2016 and Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights, you are provided with the following information on the processing of your personal data.
Who controls the processing of your personal data?
Data Controller and Data Protection Officer
The Data Controller responsible for the processing of your personal data is EXCURSIONS A CABRERA S.L, with registered address at CALLE MIGUEL SERRA CLAR Nº 4, 07640, SES SALINES. You can contact the data protection officer at the following email address: email@example.com.
What data do we process?
At EXCURSIONS A CABRERA S.L we process the personal data that you provide by filling in the forms provided for this purpose on this website, as well as any personal data resulting from the provision or contracting of our services or products and/or any personal data resulting from the commercial relationship that you have with us. In addition, we process the personal data generated by your activity on our website, which includes your browsing data obtained through the website.
It is important for us to keep the record of your personal data up to date. You are obliged to keep us informed of any changes or errors in your personal data as soon as possible by contacting us by email: firstname.lastname@example.org.
What do we process your personal data for?
Purpose: Your personal data is processed for the following purposes:
-Managing and maintaining the services provided through the website.
-Managing and servicing queries and requests for information made by users through the contact form. The email address and personal data that you provide us with through the contact form on the website will be used exclusively to deal with the queries that you send us by this means.
-Compliance with applicable legal obligations.
-Sending commercial communications and newsletters, and advertising our services and products.
-Managing the contracting of our services and/or products.
-Managing requests for information or requests for quotations for our services or products.
-If you have given your consent and in order to be able to offer you services relating to your interests, your personal data may be used to draw up a commercial profile. No automated decisions will be made based on said profile.
How long will we keep your personal data?
We keep your personal data in our systems and files for as long as is needed to carry out the purposes of the processing, and to comply with applicable legislation. Your personal data will be kept for as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to the deletion and/or restriction of processing of your data. The length of time for which personal data is kept will vary depending on the purposes of the processing, and in general terms:
-The personal data that you provide when contracting our services or products will be kept for the duration of the contractual relationship and, once said relationship has ended, for the legally mandated period of time with regard to any legal actions arising from said relationship.
-The personal data you provide in order for us to manage requests for information or queries through the contact form will be kept as long as you do not request for said data to be erased or cancelled.
-The personal data you provide to subscribe to our newsletter or bulletins will be kept as long as you do not request its deletion, indicate your opposition and/or request its limitation.
-The personal data obtained from your browsing and consumption habits, as well as the commercial profile obtained, will be kept as long as you do not request its deletion or cancellation.
Your personal data will be kept for as long as it is useful for the purposes indicated and, in any case, for legally mandated periods and for length of time necessary to address any possible liabilities arising from the processing of said data.
We have appropriate technical and organisational security measures in place to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, and to ensure the integrity and confidentiality of your personal data. The technical and organisational security measures implemented make it possible to: guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services; restore the availability of and access to personal data promptly in the event of a physical or technical incident; and regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
These technical and organisational security measures have been designed taking into account our IT infrastructure, the state of the art in accordance with current standards and practices, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity of the processing to your personal data.
What is the legitimacy for the processing of your data?
Legitimacy: The legitimacy to process your personal data is based on:
-Executing and maintaining a contractual and commercial relationship with you, such as contracting the organisation’s products and services, and managing and processing requests for quotes for the organisation’s products and/or services, all in accordance with the provisions of Article 6.1.B of GDPR (EU) 679/2016 and Organic Law 3/2018, of 5 December (LOPDPGDD).
-Your express consent for one or more purposes, such as sending you our own or third-party advertising communications or newsletters, managing how curricula vitae are sent, and taking part in activities or competitions, all in accordance with the provisions of article 6.1.A of GDPR (EU) 679/2016 and Organic Law 3/2018, of 5 December (LOPDPGDD).
-Compliance with various legal obligations, all in accordance with the provisions of Article 6.1.C of GDPR (EU) 679/2016 and Organic Law 3/2018, of 5 December (LOPDPGDD).
-Meeting the legitimate interests pursued by the data controller or by a third party, e.g. for security reasons, to improve our services and/or to manage requests or queries.
During the data collection process, and in each place on the website where personal data is requested, the user will be informed by means of a hyperlink or by the inclusion of appropriate mentions on the form itself of the mandatory nature or otherwise of the collection of their personal data.
The personal data requested in the forms on the website are, in general, mandatory (unless otherwise specified in the required field) in order to comply with the established purposes. Therefore, if the personal data requested is not provided, or is not provided correctly, the request cannot be fulfilled.
There is an obligation to provide your personal data when contracting a service or product, and/or when requesting a quote or offer.
The sending of advertising communications, newsletters or bulletins about our products and services is based on the consent that you are asked for, and under no circumstances does the withdrawal of this consent affect the contractual or commercial relationship that you have with us.
If you have authorised us to send advertising for our services and products, your personal data may be used to manage the sending of advertising offers and newsletters by electronic means. In these cases, the provisions of articles 20 and 21 of Law 34/2002, of 11 July 2002, on information society services and electronic commerce, apply to the use and processing of your personal data for the purpose of sending advertising by electronic means.
If you have ticked the option to receive advertising, or if you have subscribed to our newsletter, you can cancel this option at any time.
With which recipients will your data be shared?
Recipients:In general, your personal data will not be shared with any third party outside the organisation, unless there is a legal obligation to do so. However, you are informed that third-party providers may have access to your personal information as data processors in the context of providing a service for the data controller organisation. You are informed that you can request a complete list of the recipients that may receive your personal data as processors or as third-party recipients transfer by emailing: email@example.com. In addition to the above, the organisation may transfer or communicate personal data in order to fulfil its obligations to the Public Administrations in cases where this is required, in accordance with the legislation in force.
-International data transfers:
In order to carry out the data processing activities detailed above, we may transfer data to countries outside the European Economic Area (EEA), and store said data in physical or digital databases managed by organisations acting on our behalf. Database management and the processing of data are limited to the purposes of the processing and are carried out in accordance with applicable data protection laws and regulations. If any data is sent outside the EEA, the company will use appropriate contractual measures to ensure data protection, including but not limited to contracts based on the standard data protection clauses adopted by the European Commission applicable to the sending of personal data outside the EEA.
What rights do you have in the processing of your personal data?
Your rights: You have the right to obtain access to your personal data, as well as to request that any inaccurate data be rectified or, where appropriate, to request the removal of said data when, among other reasons, the information is no longer necessary for the purposes for which it was obtained. In certain circumstances, you may request that the processing of your data be limited, in which case we will only retain it for the purpose of filings or defending complaints. Additionally, and for purposes related to your particular situation, you may oppose the processing of your data, in which case your personal information will no longer be processed for those purposes to which you have stated you opposition. Where technically possible, you may request the portability of your data to another data controller. To exercise these rights, in accordance with current legislation, you can send a letter by post, enclosing a copy of a document proving your identity (DNI), to EXCURSIONS A CABRERA S.L at CALLE MIGUEL SERRA CLAR Nº 4, CP: 07640, SES SALINES or send an email to firstname.lastname@example.org. You have the right to lodge a complaint with the supervisory authority: Spanish Data Protection Agency (www.agpd. es). Origin of personal data: the data subject.
You expressly accept the inclusion of the personal data collected while browsing the website and/or provided by filling in any forms, as well as any data resulting from a possible commercial relationship, in the organisation’s automated personal data files.
The organisation guarantees the confidentiality of users’ personal data. However, when required to do so, the organisation will disclose personal data to the relevant public authorities, along with any other information in its possession or which is accessible through its systems, in accordance with the legal and regulatory provisions applicable to each case. Personal data may be kept in the files owned by EXCURSIONS A CABRERA S.L even after the commercial relations formalised through the organisation’s website have ended, solely for the purposes indicated above and, in any case, for the legally established periods, at the disposal of administrative or judicial authorities.
Use of social media
When you interact with our website through various social media platforms, such as when you connect to or follow us or share our content on social media platforms (Facebook, Twitter, LinkedIn, Instagram or others), we may receive information from these platforms, including information about your profile, user ID associated with your social media account, and any other public information that you allow to be shared with third parties on said platforms.
The organisation uses social media as a way to provide information about the services it offers, as well as any other activity or event that it carries out and wishes to publicise, but at no time will it obtain personal data from users interacting on said social media platforms, unless there is express authorisation to do so.
This data is only used within the social media platform itself and is not incorporated into any processing system.
In cases of registration and/or access through a social media account, the organisation may collect and access certain information from your user profile on said platform, solely for the purposes indicated above.